I would remove the reference to "named_program", I'm not sure that it's relevant.

You can set named_flags how you want, but to run it chrooted take a look at the comments in /etc/defaults/rc.conf,

Code:

# To run the named(8) DNS server as an unprivileged user under a
# chroot(2) cage, uncomment the following after migrating the contents
# of /etc/namedb to /var/chroot/named/etc/namedb
#
#named_chrootdir="/var/chroot/named"

The last uncommented line should of course be placed in /etc/rc.conf .